diff --git a/action/approve.php b/action/approve.php
index 6ecb136..3ae55f4 100644
--- a/action/approve.php
+++ b/action/approve.php
@@ -28,10 +28,14 @@ function handle_io_write(Doku_Event &$event, $param) {
 return;
 }
 
- if ($INPUT->has('publish_approve')) {
+ if (!$INPUT->has('publish_approve')) {
 return;
 }
 
+ if(!checkSecurityToken()){
+ return;
+ }
+
 if (!$this->helper->canApprove()) {
 msg($this->getLang('wrong permissions to approve'), -1);
 return;
diff --git a/action/banner.php b/action/banner.php
index 7f5af31..53d2d42 100644
--- a/action/banner.php
+++ b/action/banner.php
@@ -187,8 +187,14 @@ private function showApproveAction() {
 }
 }
 
+ $params = array(
+ 'rev' => $REV,
+ 'publish_approve' => 1,
+ 'sectok' => getSecurityToken(),
+ );
+
 echo '';
- echo '';
+ echo '';
 echo $this->getLang('approve action');
 echo '';
 echo ' ';
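Review bot: The added `if(!checkSecurityToken()){` guard in handle_io_write (action/approve.php) needs a comment stating that it is a CSRF check only. DokuWiki's checkSecurityToken() returns true when no user is logged in, so `canApprove()` just below remains the only authorization gate and must not be dropped in favour of the token check. A line such as `// CSRF guard only; passes for anonymous requests, so canApprove() below still decides` would make that explicit. The spacing also differs from the neighbouring `if (...) {` lines, and the function starts and ends outside the hunk.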
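Review bot: In showApproveAction (action/banner.php) the token is put into `$params` for a link, so approving stays a state-changing GET request with `sectok` in the query string, where it can land in browser history, access logs and Referer headers. The markup inside the `echo` lines is not legible in this view, so that `$params` feeds the anchor's URL is inferred. Rendering the action as a small POST form keeps the token out of URLs, and the handler in action/approve.php could then test `$INPUT->post->has('publish_approve')` instead of `$INPUT->has(...)`. The function starts outside the hunk, so whether `$REV` and `$ID` are declared global there cannot be checked from here.

```php
// … unchanged: permission checks earlier in showApproveAction …
echo '<form method="post" action="' . wl($ID) . '">';
echo '<input type="hidden" name="rev" value="' . hsc($REV) . '" />';
echo '<input type="hidden" name="publish_approve" value="1" />';
formSecurityToken(); // prints the hidden sectok field
echo '<button type="submit">' . $this->getLang('approve action') . '</button>';
echo '</form>';
```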